Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-15393: CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973)
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
Список пакетов
SUSE Linux Enterprise Server 12 SP3-BCL
Ссылки
- Link for SUSE-SU-2022:2840-1
- E-Mail link for SUSE-SU-2022:2840-1
- SUSE Security Ratings
- SUSE Bug 1173514
- SUSE Bug 1196973
- SUSE Bug 1198829
- SUSE Bug 1200598
- SUSE Bug 1200762
- SUSE Bug 1200910
- SUSE Bug 1201251
- SUSE Bug 1201429
- SUSE Bug 1201635
- SUSE Bug 1201636
- SUSE Bug 1201930
- SUSE Bug 1201940
- SUSE CVE CVE-2020-15393 page
- SUSE CVE CVE-2020-36557 page
- SUSE CVE CVE-2020-36558 page
- SUSE CVE CVE-2021-33655 page
- SUSE CVE CVE-2021-33656 page
Описание
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
Затронутые продукты
Ссылки
- CVE-2020-15393
- SUSE Bug 1173514
Описание
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.
Затронутые продукты
Ссылки
- CVE-2020-36557
- SUSE Bug 1201429
- SUSE Bug 1201742
- SUSE Bug 1202874
- SUSE Bug 1205313
Описание
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
Затронутые продукты
Ссылки
- CVE-2020-36558
- SUSE Bug 1200910
- SUSE Bug 1201752
- SUSE Bug 1205313
Описание
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
Затронутые продукты
Ссылки
- CVE-2021-33655
- SUSE Bug 1201635
- SUSE Bug 1202087
- SUSE Bug 1205313
- SUSE Bug 1212291
Описание
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
Затронутые продукты
Ссылки
- CVE-2021-33656
- SUSE Bug 1201636
- SUSE Bug 1212286
Описание
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2021-39713
- SUSE Bug 1196973
- SUSE Bug 1197211
- SUSE Bug 1201790
Описание
An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.
Затронутые продукты
Ссылки
- CVE-2022-1462
- SUSE Bug 1198829
Описание
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2022-20166
- SUSE Bug 1200598
- SUSE Bug 1212284
Описание
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
Затронутые продукты
Ссылки
- CVE-2022-2318
- SUSE Bug 1201251
- SUSE Bug 1212303
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-26365
- SUSE Bug 1200762
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-33740
- SUSE Bug 1200762
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-33741
- SUSE Bug 1200762
Описание
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Затронутые продукты
Ссылки
- CVE-2022-33742
- SUSE Bug 1200762
Описание
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
Затронутые продукты
Ссылки
- CVE-2022-36946
- SUSE Bug 1201940
- SUSE Bug 1201941
- SUSE Bug 1202312
- SUSE Bug 1202874
- SUSE Bug 1203208
- SUSE Bug 1204132
- SUSE Bug 1205313
- SUSE Bug 1212310